Last Call Review of draft-ietf-uta-require-tls13-05
review-ietf-uta-require-tls13-05-dnsdir-lc-huston-2025-02-20-00

Request: Review of draft-ietf-uta-require-tls13
Requested revision: No specific revision (document currently at 12)
Type: IETF Last Call Review
Team: DNS Directorate (dnsdir)
Deadline: 2025-03-04
Requested: 2025-02-18
Authors: Rich Salz, Nimrod Aviram
I-D last updated: 2025-04-17 (Latest revision 2025-04-14)
Completed reviews:
  Artart IETF Last Call review of -05 by Barry Leiba
  Genart IETF Last Call review of -06 by Roni Even
  Dnsdir IETF Last Call review of -05 by Geoff Huston
  Secdir IETF Last Call review of -06 by Hilarie Orman
  Tsvart IETF Last Call review of -06 by Martin Duke
  Dnsdir IETF Last Call review of -06 by Geoff Huston
  Opsdir Telechat review of -09 by Samier Barguil
  Dnsdir Telechat review of -10 by Scott Rose
  Dnsdir Telechat review of -12 by Geoff Huston
Assignment: Reviewer Geoff Huston
State: Completed
Request: IETF Last Call review on draft-ietf-uta-require-tls13 by DNS Directorate Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/dnsdir/tX5Z6UQC6zLgdplTgvVlLSMSJVE
Reviewed revision: 05 (document currently at 12)
Result: Ready w/nits
Completed: 2025-02-20
I was assigned as the dnsdir reviewer for draft-ietf-uta-require-tls13-05.
For more information about the DNS Directorate, please see
https://wiki.ietf.org/en/group/dnsdir

NIT: Should the enumeration of the known deficiencies of TLS 1.2 be contained
in the Introduction? The same considerations are described in Section 6, and
their summation in the Introduction seems to be superfluous.

NIT: the assertion in section 3 that "TLS applications will need to migrate to
post-quantum cryptography" is dependent on the expectation of the lifetime of
the integrity of the encrypted object. The current advice on the immediate need
to use PQC is based on an integrity lifetime of 20 years. I would feel better if
the sentence read "many TLS applications..."

NIT: Section 4: "As a counter example, the Usage Profile for DNS over TLS
[DNSTLS] specifies TLS 1.2 as the default, while also allowing TLS 1.3." I fail
to appreciate the rationale for including this - the text is careful to note
that this applies to new protocols and DNS over TLS is not a new protocol at
this state.